US20210049286A1 - Data Input Method And Apparatus And User Equipment - Google Patents
Data Input Method And Apparatus And User Equipment Download PDFInfo
- Publication number
- US20210049286A1 US20210049286A1 US17/085,539 US202017085539A US2021049286A1 US 20210049286 A1 US20210049286 A1 US 20210049286A1 US 202017085539 A US202017085539 A US 202017085539A US 2021049286 A1 US2021049286 A1 US 2021049286A1
- Authority
- US
- United States
- Prior art keywords
- operating environment
- event
- secure
- display area
- preset display
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Definitions
- the present invention relates to the field of communications technologies, and in particular, to a data input method and apparatus, and user equipment.
- user equipment user equipment, UE
- UE user equipment
- the user equipment continuously develops, and system functions of the user equipment also increase continuously. With an increase in the system functions, security vulnerability inevitably occurs in a system of the user equipment.
- An attacker may intrude the system of the user equipment by using the security vulnerability, to obtain data stored in the user equipment, and security of a user input operation and terminal displaying cannot be ensured.
- a user implements payment by using user equipment. When the user is entering data at an interface provided by the user equipment, an attacker may intercept an input event of the user and content displayed on the user equipment to obtain the data entered by the user. The attacker may then analyze stored historical data corresponding to an application used for the payment to obtain an account of the user.
- Trust Zone TrustZone
- hardware composition of the user equipment is divided into a Secure World (secure world) and a Normal World (normal world), and data in the Secure World can be transmitted only by using a monitor (monitor).
- An operating system of the user equipment runs in the Normal World.
- a program that runs in the Secure World has a higher security level than a program that runs in the Normal World.
- the Secure World is isolated from the Normal World by using hardware. The Secure World has a right to access all data in the Normal World, but the Normal World has no right to access data in the Secure World.
- the Secure World When the user equipment is started, the Secure World is first entered, and then a program in the Secure World is responsible for switching to the Normal World, and starting the operating system of the user equipment.
- Concepts of the Secure World and the Normal World are put forward in the TrustZone technology, to resolve a problem of data input security in the user equipment.
- a data input environment that runs in the Secure World is provided, and the user may operate an event such as entering an account or a password in the provided data input environment.
- the displayed content usually covers the entire display area of the user equipment.
- the present invention provides a data input method and apparatus, and user equipment, so that security of an event generated when a user operates a program that runs in a Normal World of the user equipment can be better improved, and an event that runs in the Normal World can be directly operated.
- a data input method includes: when it is determined that an operation of a user on UE is not performed in a preset display area, delivering an event corresponding to the operation to a first operating environment for processing, where the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment.
- the method further includes: receiving an operation of the user in an input area presented by a display unit for the user, and generating an event corresponding to the operation; determining whether the event generated when the user performs the operation in the input area is a secure input event; and if it is determined that the event generated when the user performs the operation in the input area is a secure input event, starting the preset display area, and presenting the preset display area to the user by using the display unit.
- the starting the preset display area includes: backing up a current event in the first operating environment; triggering an interrupt in the second operating environment; and starting the preset display area by using the interrupt in the second operating environment.
- Determining is performed on a corresponding event generated when the user performs an operation in an input area that runs in the first operating environment, and whether the event is a secure input event is determined.
- the event is a secure input event
- switching from the first operating environment to the second operating environment is performed, that is, the preset display area is presented to the user, so that a secure input time generated when the user performs an operation on the user equipment may be switched to the second operating environment for processing. In this case, security of the event generated when the user performs the operation on the user equipment can be better ensured.
- the preset display area and the input area are simultaneously presented on a screen of the user equipment.
- the delivering an event corresponding to the operation to a first operating environment for processing includes: storing the event corresponding to the operation in a shared storage area, where the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and triggering an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
- the triggering an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing includes: triggering the interrupt in the first operating environment, and invoking a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
- the method before it is determined that the operation of the user on the user equipment UE is not performed in the preset display area, the method further includes: when it is determined that the event corresponding to the operation is a secure input event, displaying the preset display area, so that the user performs the operation in the preset display area, where the secure input event is a data input event with an authority verification attribute.
- the method further includes: hiding the preset display area. This can improve flexibility of a user operation.
- the preset display area includes a formatted input edit box.
- the formatted input edit box includes at least one of the following: a specified input type may be an input type such as nine-key numeric type, a nine-key Chinese character type, a nine-key alphabetic type, a number and Chinese character hybrid type. This can improve convenience of a user operation.
- a data input apparatus has a function of implementing an action of a terminal in any method design according to the first aspect and the first to the eighth possible implementations of the first aspect.
- the function may be implemented by hardware, or may be implemented by hardware executing corresponding software.
- the hardware or software includes one or more modules corresponding to the function.
- a user terminal has a function of implementing an action of a terminal in any method design according to the first aspect and the first to the eighth possible implementations of the first aspect.
- the function may be implemented by hardware, or may be implemented by hardware executing corresponding software.
- the hardware or software includes one or more modules corresponding to the function.
- a structure of the terminal includes a memory and a processor.
- the memory is configured to store a group of programs
- the processor is configured to invoke the programs stored in the memory, to execute the method in any one of the first aspect, or the first to the eighth possible implementations of the first aspect.
- a computer storage medium is provided, and is configured to store a computer software instruction used by a data input apparatus, and the computer software instruction includes a program designed to execute the foregoing aspects.
- the event corresponding to the operation is delivered to the first operating environment for processing.
- the user operates a program that runs in a Normal World of the user equipment, even if the user needs to process another non-secure event, security of an event generated when the user operates the program that runs in the Normal World of the user equipment can be ensured, and an event that runs in the Normal World can be directly operated.
- FIG. 1A and FIG. 1B are a schematic diagram of a logical structure of a computing node to which a data input method is applied according to an embodiment of the present invention
- FIG. 2 is a schematic diagram of structural composition of user equipment according to an embodiment of the present invention.
- FIG. 3 is a schematic diagram of structural composition of user equipment according to an embodiment of the present invention.
- FIG. 4 is a schematic structural diagram of hardware composition of a Secure World of a data input system according to an embodiment of the present invention
- FIG. 5 is a flowchart of a data input method according to an embodiment of the present invention.
- FIG. 6 is a schematic diagram of an input edit box according to an embodiment of the present invention.
- FIG. 7 is a schematic diagram of a preset display area and an input area according to an embodiment of the present invention.
- FIG. 8 is a schematic diagram of a specified input type according to an embodiment of the present invention.
- FIG. 9 is a flowchart of a data input method according to an embodiment of the present invention.
- FIG. 10 is a schematic diagram of structural composition of a data input apparatus according to an embodiment of the present invention.
- FIG. 1A and FIG. 1B are used as an example to describe a logical structure of a computing node to which a data input method provided in this embodiment of the present invention is applied.
- the computing node may be user equipment, and the user equipment may be specifically a desktop computer, a notebook computer, a smartphone, a tablet, or the like.
- a hardware layer of the user equipment includes a central processing unit (Center Processing Unit, CPU), a graphics processing unit (Graphic Processing Unit, GPU), and the like.
- the hardware layer of the user equipment may further include a memory, an input/output device (Input Device), a network interface, and the like.
- the input device may include a keyboard, a mouse, a touchscreen, and the like.
- the output device may include a display device such as a liquid crystal display (Liquid Crystal Display, LCD), a cathode-ray tube (Cathode Ray Tube, CRT), holographic imaging (Holographic), or a projector (Projector).
- An operating system such as Android
- a kernel library layer is a core part of the operating system, and includes an input/output service, a kernel service, a graphics device interface, a graphics engine (Graphics Engine) that implements graphics processing of the CPU and the GPU, and the like.
- the graphics engine may include a 2 D engine, a 3 D engine, a combining unit (Composition), a frame buffer (Frame Buffer), and the like.
- the kernel library layer further includes an input method service.
- the input method service includes an input method service embedded in a terminal.
- the input method service further includes the data input method provided in this embodiment of the present invention.
- the terminal further includes a driver layer, a framework layer, and an application layer.
- the driver layer may include a CPU driver (driver), a GPU driver, a display controller driver, a TrustZone driver (Trust Zone Driver), and the like.
- the framework layer may include a graphic service (Graphic Service), a system service (System service), a web service (Web Service), a user service (Customer Service), and the like.
- the graphic service may include a widget (Widget), a canvas (Canvas), a view (Views), a render script, and the like.
- the application layer may include a desktop (launcher), a media player (Media Player), a browser (Browser), and the like.
- a secure operating environment when hardware and program instructions of user equipment run, there may be two operating environments: a secure operating environment and a non-secure operating environment.
- the non-secure operating environment may also be referred to as a Normal World, and is corresponding to a first operating environment put forward in this embodiment of the present invention.
- the secure operating environment may also be referred to as a Secure World, and is corresponding to a second operating environment put forward in this embodiment of the present invention.
- a program and hardware of the user equipment that run in the secure operating environment have a higher security level than a program and hardware of the user equipment that run in the non-secure operating environment.
- the Secure World may also be a virtual operating environment isolated from the operating system of the user equipment.
- the user equipment 200 includes: at least one processor 201 , at least one network interface 204 or another user interface 203 , a memory 205 , and at least one communications bus 202 .
- the communications bus 202 is configured to implement connection and communication between these components.
- the user equipment 200 includes the user interface 203 that includes a display (for example, the LCD, the CRT, the holographic imaging (Holographic), or the projector (Projector) shown in FIG. 1A and FIG. 1B ), a keyboard or a click device (for example, a mouse, a trackball (trackball), a touchpad, or a touchscreen), and the like.
- the memory 205 may include a read-only memory and a random access memory, and provide the processor 201 with a program instruction and data that are stored in the memory 205 .
- a part of the memory 205 may further include a nonvolatile random access memory (NVRAM).
- NVRAM nonvolatile random access memory
- the memory 205 stores the following elements: an executable module or a data structure, or a subset thereof, or an extended set thereof.
- An operating system 2051 includes various system program instructions.
- the program instructions may run on the framework layer, the kernel library layer, the driver layer, and the like shown in FIG. 1A and FIG. 1B , and are used to implement various basic services and process hardware-based tasks.
- the operating system may run in both a first operating environment and a second operating environment whose security level is higher than the first operating environment.
- An application program 2052 includes various application programs, for example, the desktop (launcher), the media player (Media Player), the browser (Browser), and an input method application that are shown in FIG. 1A and FIG. 1B , and the various application programs are used to implement various application services.
- the various application programs in the application program 2052 may be applied to the first operating environment, or may run in the second operating environment.
- the application program 2052 stores a program instruction that implements the data input method, and the program instruction runs in the second operating environment.
- the memory 205 may also be referred to as a storage area, and is configured to store a program of the data input method, and store the operating system.
- the processor 201 invokes the program instruction stored in the memory 205 , and according to the obtained program instruction, the processor 201 is configured to: when it is determined that an operation of a user on the UE is not performed in a preset display area, deliver an event corresponding to the operation to the first operating environment for processing.
- the processor 201 is further configured to: when it is determined that the event corresponding to the operation is a secure input event, display the preset display area, so that the user performs the operation in the preset display area.
- the secure input event is a data input event with an authority verification attribute.
- the processor 201 is specifically configured to store the event corresponding to the operation in a shared storage area.
- the shared storage area is a storage area that is shared by the first operating environment and the second operating environment.
- the user equipment further includes an interrupt in the first operating environment (which is not shown in FIG. 2 ).
- the processor 201 triggers the interrupt in the first operating environment, and the interrupt in the first operating environment delivers the event stored in the shared storage area to the first operating environment for processing. Further, the processor 201 is specifically configured to: trigger the interrupt in the first operating environment, and invoke a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
- the processor 201 is specifically configured to hide the preset display area.
- FIG. 3 is a schematic diagram of structural composition of user equipment 300 .
- the user equipment 300 mainly includes a memory 320 , a processor 360 , and an input unit 330 .
- the input unit 330 is configured to receive an event generated when a user performs an operation on a terminal.
- the memory 320 is configured to store program instructions of an operating system and various application programs.
- a first operating environment and a second operating environment are put forward.
- the memory 320 may be divided into a secure memory (which may also be referred to as a secure storage area), a non-secure memory (which may also be referred to as a non-secure storage area), and a shared memory (which may also be referred to as a shared storage area).
- the non-secure memory is disposed in the first operating environment
- the secure memory is disposed in the second operating environment.
- the second operating environment has a higher security level than the first operating environment.
- a processor or an interrupt disposed in the first operating environment cannot directly access the secure memory in the second operating environment.
- a processor or an interrupt in the second operating environment may access the non-secure processor disposed in the first operating environment, and access the non-secure storage area.
- data stored in the shared memory is data that may be accessed by processors or interrupts in both the first operating environment and the second operating environment. That is, the processors or the interrupts in the first operating environment and the second operating environment may access the shared memory to obtain the data in the shared memory.
- processor 360 It may be understood that for a specific implementation function of the processor 360 , reference may be made to the detailed descriptions of the processor 201 , and details are not described herein again.
- the memory 320 may be a memory of the user equipment 300 .
- the memory may be divided into three storage spaces.
- the three storage spaces are separately corresponding to a secure memory disposed in the first operating environment, a non-secure memory disposed in the second environment, and a shared memory that may be accessed by application programs or hardware in both the first operating environment and the second operating environment.
- the secure memory, the non-secure memory, and the shared memory may have spaces of a same size, or may have spaces of different sizes according to different stored data input events.
- the input unit 330 of the user equipment may be configured to receive number or character information that is entered by the user, so as to generate a signal input related to user settings or function control of the user equipment 300 .
- the input unit 330 may include a touch panel 331 .
- the touch panel 331 may collect an operation (such as an operation performed by the user on the touch panel 331 by using any proper object or accessory, such as a finger or a stylus) performed by the user on the touch panel 331 , and drive, according to a preset program instruction, a corresponding apparatus connected to the touch panel 331 .
- the touch panel 331 may include two parts: a touch detection apparatus and a touch controller.
- the touch detection apparatus detects a touch location of the user, detects a signal brought by the touch operation, and sends the signal to the touch controller.
- the touch controller receives touch information received from the touch detection apparatus, converts the touch information into touch coordinates, and sends the touch coordinates to the processor 360 .
- the touch controller can further receive and execute a command sent by the processor 360 .
- the touch panel 331 may be implemented by using multiple types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave.
- the input unit 330 may further include another input device 332 .
- the another input device 332 may include but is not limited to one or more of a physical keyboard, a functional key (such as a volume control key or an on/off key), a trackball, a mouse, a joystick, or the like.
- the user equipment 300 may further include a display unit 340 .
- the display unit 340 may be configured to display information entered by the user or information provided for the user and various menu interfaces of the user equipment 300 .
- the display unit 340 may include a display panel 341 .
- the display panel 341 may be configured in a form such as a liquid crystal display (Liquid Crystal Display, LCD) or an organic light-emitting diode (Organic Light-Emitting Diode, OLED).
- the touch panel 331 covers the display panel 341 , to form a touch display screen.
- the touch display screen provides a preset display area for the user. After detecting a touch operation on or near the touch display screen, the touch display screen 7 transmits the touch operation to the processor 360 to determine a type of a touch event. Then the processor 360 provides a corresponding visual output on the touch display screen according to the type of the touch event.
- the touch display screen includes different display areas.
- Each display area may include at least one interface element such as an icon of an application program and/or a widget home screen widget.
- the processor 360 is a control center of the user equipment 300 , is connected to each part of an entire mobile phone by using various interfaces and lines, and performs various functions of the user equipment 300 and data processing by running or executing the software program and/or the module that are/is stored in the memory 320 , so as to perform overall monitoring on the user equipment 300 .
- the processor 360 first enters the second operating environment, and performs initialization setting of the operating system in the second operating environment, so as to ensure security of the operating system.
- the initialization setting includes initialization of a monitor mode.
- all memories the secure memory, the non-secure memory, and the shared memory
- an operating system image that needs to run in the first operating environment is loaded into the non-secure memory, and then the system image in the first operating environment runs.
- the user equipment 300 may further include an RF circuit 310 , a WiFi module 380 that is configured to provide a wireless connection, a power supply 390 , and an audio frequency circuit 370 that is configured to provide sound input and output.
- operating environments of a data input method are divided into a Normal World (a first operating environment) and a Secure World (a second operating environment).
- a Normal World a first operating environment
- a Secure World a second operating environment
- one user equipment has only one set of hardware structures.
- security attributes of some hardware can be dynamically set, but security attributes of the other hardware are fixed.
- Security of the entire system is obtained by dividing a hardware resource and a software resource of a system on chip (System on Chip, SoC) into the two worlds.
- SoC system on Chip
- the SoC system includes a processor (Core) 401 .
- each physical processor core provides two virtual cores: a non-secure (Non-secure, NS) core and a secure (Secure) core.
- a mechanism of switching between the non-secure core and the secure core is referred to as a monitor (monitor) mode.
- the non-secure core can access only a system resource of the NS, but the secure core can access all resources in the user equipment.
- the SoC further includes direct memory access (Direct Memory Access, DMA) 402 , a secure random access memory (Secure Random Access Memory, Secure RAM) 403 , a secure boot read only memory (Secure Boot Read Only Memory, Secure Boot ROM) 404 , a generic interrupt controller (Generic Interrupt Controller, GIC) 405 that is integrated with TrustZone support and that can work in the first operating environment and the second operating environment, a TrustZone interrupt controller (Trust Zone Interrupt Controller, TZIC) 406 that may be independently implemented, and the like.
- DMA Direct Memory Access
- SDRAM Secure Random Access Memory
- Secure Boot Read Only Memory Secure Boot ROM
- GIC Generic Interrupt Controller
- TZIC TrustZone interrupt controller
- the SoC further includes a TrustZone address space controller (Trust Zone Address Space Controller, TZASC) 407 that is configured to support a secure interrupt, a TrustZone protection controller (Trust Zone Protection Controller, TZPC) 408 , a dynamic memory controller (Dynamic Memory Controller, DMC) 409 , a dynamic RAM (Dynamic RAM) 410 , and the like.
- TZASC TrustZone Address Space Controller
- TZPC TrustZone protection controller
- DMC Dynamic Memory Controller
- DMC Dynamic RAM
- the TZPC is configured to set a security attribute of a peripheral.
- the TZPC may set an attribute of the display unit to secure. In this case, an operation in the first operating environment cannot access a device that is set as secure.
- the TZASC is configured to control classification of a security attribute of the DRAM.
- the TZASC may set a part of the DRAM as secure, and set the other part of the DRAM as non-secure. If the processor in the first operating environment initiates an access request to the secure memory, the access request is refused. Access of DMA in the first operating environment to the secure memory is refused, and this ensures that the secure memory is not accessed by any operating system or hardware in the first operating environment.
- the GIC is responsible for controlling all interrupt information, and the GIC may set some interrupts as secure, and set some interrupts as normal.
- SoC components are connected to each other by using an Advanced Extensible Interface (Advanced eXtensible Interactive, AXI) 411 .
- the SoC communicates with the peripheral by using an Advanced Extensible Interface to Advanced Peripheral Bus Bridge (Advanced eXtensible Interactive to Advanced Peripheral Bus Bridge, AXI2APB) bridge 412 .
- the AXI2APB may sense a security attribute of an event that currently accesses the peripheral. When an event in the first operating environment accesses a peripheral whose attribute is set to secure, the AXI2APB refuses this access.
- a secure RAM and a secure ROM are isolated by using a software and hardware mechanism, and the secure RAM and the secure ROM are configured to store an operating system that runs in the second operating environment.
- the SoC system is initiated after powered on.
- the system first enters the second operating environment, and then performs initiation setting in the second operating environment.
- the initiation setting includes initiation of the operating system in the second operating environment.
- all memories in the operating system of the user equipment are in the second operating environment.
- the operating system image that needs to run in the first operating environment is loaded to a memory, and some memories are allocated to the first operating environment. Security attributes of the some memories allocated to the first operating environment are set to non-secure. Then the system image in the first operating environment runs.
- FIG. 5 a specific implementation process of delivering an event from a first operating environment to a second operating environment for processing is first described.
- Step 1 A display unit presents an input area to a user, and the user performs an operation in the input area to generate an event corresponding to the operation.
- the display unit may include a touch panel of a touch nature.
- the user touches the touch panel, enters a payment account in the input area, and continues to enter a payment password after entering the payment account.
- a processor receives an event generated when the user operates the touch panel.
- a non-secure core in the first operating environment may receive the event generated when the user operates the touch panel.
- Step 2 The processor determines whether the event generated when the user operates performs the operation in the input area is a secure input event. If it is determined that the event is not a secure input event, the user continues to perform the operation in the input area to generate an event corresponding to the operation, and the processor continues to process the event.
- the secure input event is an event generated only when the user enters a password with an authority verification attribute. For example, in a payment application, after the user enters a user name, the user needs to continue to enter a payment password corresponding to the user name, and after the payment password and the user name are matched, payment is completed. An event corresponding to an operation that the user continues to enter the payment password corresponding to the user name is a secure input event.
- a security attribute of the input area presented by the display unit may be edited in advance.
- the input area is set to a non-secure display area that runs in the first operating environment and a secure display area that runs in the second operating environment.
- an input area in the first operating environment may be an input edit box with a fixed shape and size.
- the input edit box may be in any shape. As shown in FIG. 6 , a square shape is only used as an example.
- a security attribute may be added to the input edit box, and the security attribute is set.
- the secure attribute is set to a numeric attribute. That is, when a received event operated by the user in the input edit box is triggering numeric input, it is determined that the event is a secure input event.
- the payment password of the numeric type is 12345678
- the user triggers a number it is determined that a data input event operated by the user is a secure input event.
- Step 3 The processor triggers a TZ driver when it is determined that a data input event operated by the user is a secure input event.
- the TZ driver triggers a monitor (monitor) mode used for switching between the first operating environment and the second operating environment, and the processor enters the second operating environment by using a monitor.
- Step 4 The processor backs up a current event in the first operating environment in the monitor mode.
- the processor triggers an interrupt in the first operating environment, and stores the currently determined secure input event in a shared storage area. After saving of the secure input event is completed, an interrupt in the second operating environment is triggered in the monitor mode, and a processor in the second operating environment, that is, a secure core, is triggered by using the interrupt in the second operating environment.
- Step 5 The secure core (that is, the processor in the second operating environment) triggers the interrupt, starts a preset display area, and presents the preset display area to the user by using the display unit. A following operation of the user is performed in the preset display area.
- the preset display area runs in the second operating environment.
- the preset display area may be a part of a screen of the user equipment, and the user may perform an input operation in the preset display area.
- the preset display area may be an input edit box that has a fixed shape and size and has a security attribute.
- the preset display area is started.
- the preset display area and the input area may be simultaneously presented on the screen of the user equipment.
- the preset display area may cover a part of the input area and overlap the part of the input area.
- the preset display area may include a specified input type. As shown in FIG.
- the specified input type may be an input type such as a nine-key numeric type, a nine-key Chinese character type (which is not shown in FIG. 8 ), a nine-key alphabetic type, a number and Chinese character hybrid type (which is not shown in FIG. 8 ).
- the preset display area is started, and it is assumed that the specified input type is a display area of the nine-key numeric type.
- the display area of the nine-key numeric type is presented to the user, and the user enters the payment password in the preset display area of the nine-key numeric type.
- Step 6 The processor delivers the event to the second operating environment for processing.
- determining is performed on a corresponding event generated when the user performs an operation in the input area that runs in the first operating environment, whether the event is a secure input event is determined, and when it is determined that the event is a secure input event, switching from the first operating environment to the second operating environment is performed, that is, the preset display area is presented to the user, so that a secure input time generated when the user performs an operation on the user equipment may be switched to the second operating environment for processing.
- security of an event generated when the user performs the operation on the user equipment can be better ensured.
- Step 7 A user performs an operation in a preset display area of user equipment.
- Step 8 A processor in the second operating environment obtains an event corresponding to the operation.
- step 5 For a detailed description of the preset display area, refer to the detailed description in step 5 . Details are not described herein again.
- step 8 the user enters the payment password in the preset display area.
- Step 9 The processor determines whether the operation of the user on the UE is performed in the preset display area, and if it is determined that the operation of the user on the UE is performed in the preset display area, perform step 10 , or if it is determined that the operation of the user on the UE is not performed in the preset display area, perform step 12 .
- the user may perform an operation in a preset display area of a display unit, or may perform an operation outside the preset display area.
- a corresponding event generated by the operation of the user is transmitted to a secure core.
- the secure core determines whether the event is corresponding to an operation that falls in the preset display area. For example, the user enters the payment password in the preset display area, and the secure core determines whether a touch point of the user is in the preset display area.
- the user triggers, for example, entering an account type (that is, performs an operation in the input area) during the foregoing operation, it is determined that the operation of the user is not performed in the preset display area; or when the user does not trigger entering an account type, it is determined that the operation of the user is performed in the preset display area.
- the user is about to enter a payment password 12345678 by using the preset display area.
- the user equipment receives short message service message presentation or calling line identification presentation. If the user taps the short message service message presentation, the operation of the user on the user equipment at this time falls in a short message service message presentation box. In this case, it is determined that the operation of the user on the UE is not performed in the preset display area.
- Step 10 Continue to receive an event generated when the user performs the operation on the user equipment in the preset display area.
- Step 11 When it is determined that the user ends the operation, the processor performs verification processing on the received event, delivers the event to the first operating environment, and feeds back a verification processing result to the user.
- the received payment password is verified in the second operating environment, and a verification result is fed back to the user.
- Step 12 When it is determined that the operation of the user on the user equipment is not performed in the preset display area, the processor delivers the event corresponding to the operation to the first operating environment for processing.
- Manner 1 An interrupt may be triggered to deliver the event corresponding to the operation to the first operating environment for processing.
- the processor may trigger an interrupt in the second operating environment, and store, by using the interrupt in the second operating environment, the event corresponding to the operation of the user in the shared storage area.
- the processor in the monitor mode, the processor triggers an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
- the processor triggers a fast interrupt request (Fast Interrupt Reques, FIQ), and stores the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers the interrupt in the first operating environment to obtain the event stored in the shared storage area. The interrupt in the first operating environment delivers the obtained event to the first operating environment for processing.
- FIQ Fast Interrupt Reques
- Manner 2 The event corresponding to the operation is delivered, by using a daemon thread, to the first operating environment for processing.
- a daemon process is a process with a relatively long lifetime, and is usually independent of the user equipment and periodically executes a task or waits to process an event that is to occur.
- the daemon process is usually started when the system is bootloaded, and ended when the system is disabled.
- the processor may trigger an interrupt in the second operating environment, and store the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers an interrupt in the first operating environment, and triggers a daemon thread in the first operating environment by using the interrupt in the first operating environment.
- the daemon thread obtains the event stored in the shared storage area, and the daemon thread sends the obtained event to the first operating environment for processing.
- a current event needs to be stored in the shared storage area.
- the interrupt in the second operating environment may be triggered, and the event may be stored in the shared storage area by using the interrupt that runs in the second environment.
- a driver of the display unit may transmit the event to an upper-layer application, and the event may be stored in the shared storage area by using the upper-layer application.
- the method further includes: hiding the preset display area.
- the processor hides the preset display area.
- an embodiment of the present invention further puts forward a data input method.
- a specific processing procedure is as follows:
- Step 91 A user performs an operation in a preset display area of user equipment.
- Step 92 A processor in a second operating environment obtains an event corresponding to the operation.
- step 5 For a detailed description of the preset display area, refer to the detailed description in step 5 . Details are not described herein again.
- Step 93 The processor determines whether the operation of the user on the UE is performed in the preset display area, and if it is determined that the operation of the user on the UE is performed in the preset display area, perform step 94 , or if it is determined that the operation of the user on the UE is not performed in the preset display area, perform step 96 .
- Step 94 Continue to receive an event generated when the user performs the operation on the user equipment in the preset display area.
- Step 95 When it is determined that the user ends the operation, the processor performs verification processing on the received event, delivers the received event to a first operating environment, and feeds back a verification processing result to the user.
- the received payment password is verified in the second operating environment, and a verification result is fed back to the user.
- Step 96 When it is determined that the operation of the user on the user equipment is not performed in the preset display area, the processor delivers the event corresponding to the operation to the first operating environment for processing.
- Manner 1 An interrupt may be triggered to deliver the event corresponding to the operation to the first operating environment for processing.
- the processor may trigger an interrupt in the second operating environment, and store, by using the interrupt in the second operating environment, the event corresponding to the operation of the user in the shared storage area.
- the processor in the monitor mode, the processor triggers an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
- the processor triggers a fast interrupt request (Fast Interrupt Reques, FIQ), and stores the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers the interrupt in the first operating environment to obtain the event stored in the shared storage area. The interrupt in the first operating environment delivers the obtained event to the first operating environment for processing.
- FIQ Fast Interrupt Reques
- Manner 2 The event corresponding to the operation is delivered, by using a daemon thread, to the first operating environment for processing.
- a daemon process is a process with a relatively long lifetime, and is usually independent of the user equipment and periodically executes a task or waits to process an event that is to occur.
- the daemon process is usually started when the system is bootloaded, and ended when the system is disabled.
- the processor may trigger an interrupt in the second operating environment, and store the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers an interrupt in the first operating environment, and triggers a daemon thread in the first operating environment by using the interrupt in the first operating environment.
- the daemon thread obtains the event stored in the shared storage area, and the daemon thread sends the obtained event to the first operating environment for processing.
- a current event needs to be stored in the shared storage area.
- the interrupt in the second operating environment may be triggered, and the event may be stored in the shared storage area by using the interrupt that runs in the second environment.
- a driver of the display unit may transmit the event to an upper-layer application, and the event may be stored in the shared storage area by using the upper-layer application.
- the method further includes: hiding the preset display area.
- the processor hides the preset display area.
- an embodiment of the present invention further puts forward a data input apparatus.
- structural composition of the apparatus includes:
- a receiving unit 1001 configured to receive an event generated when a user performs an operation on UE in a preset display area
- a determining unit 1002 configured to determine whether the operation of the user on the UE is performed in the preset display area
- an execution unit 1003 configured to: when it is determined that the operation of the user on the UE is not performed in the preset display area, deliver an event corresponding to the operation to a first operating environment for processing.
- the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment.
- the execution unit 1003 is specifically configured to: store the event corresponding to the operation in a shared storage area, where the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and trigger an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
- the execution unit 1003 is specifically configured to: trigger the interrupt in the first operating environment, and invoke a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
- the execution unit 1003 is further configured to: when it is determined that the event corresponding to the operation is a secure input event, display the preset display area, so that the user performs the operation in the preset display area.
- the secure input event is a data input event with an authority verification attribute.
- the execution unit 1003 is further configured to hide the preset display area after delivering the event corresponding to the operation to the first operating environment for processing.
- the preset display area includes an input edit box with a security attribute.
- the present invention further provides a computer storage medium, configured to store a computer software instruction used by the data input apparatus according to the foregoing aspect.
- the computer software instruction includes a program designed to execute the foregoing aspect.
- the embodiments of the present invention may be provided as a method, an apparatus (device), or a computer program product. Therefore, the present invention may use a form of hardware only embodiments, software only embodiments, or embodiments with a combination of software and hardware. Moreover, the present invention may use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a CD-ROM, an optical memory, and the like) that include computer-usable program code.
- computer-usable storage media including but not limited to a disk memory, a CD-ROM, an optical memory, and the like
- These computer program instructions may be provided for a general-purpose computer, a dedicated computer, an embedded processor, or a processor of any other programmable data processing device to generate a machine, so that the instructions executed by a computer or a processor of any other programmable data processing device generate an apparatus for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
- These computer program instructions may also be stored in a computer readable memory that can instruct the computer or any other programmable data processing device to work in a specific manner, so that the instructions stored in the computer readable memory generate an artifact that includes an instruction apparatus.
- the instruction apparatus implements a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
- These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operations and steps are performed on the computer or the another programmable device, thereby generating computer-implemented processing. Therefore, the instructions executed on the computer or the another programmable device provide steps for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- User Interface Of Digital Computer (AREA)
- Storage Device Security (AREA)
Abstract
Description
- This application is a continuation of U.S. patent application Ser. No. 16/131,548, filed on Sep. 14, 2018, which is a continuation of International Application No. PCT/CN2017/075643, filed on Mar. 3, 2017, which claims priority to Chinese Patent Application No. 201610145990.7, filed on Mar. 15, 2016. All of the afore-mentioned patent applications are hereby incorporated by reference in their entireties.
- The present invention relates to the field of communications technologies, and in particular, to a data input method and apparatus, and user equipment.
- With continuous development of communications technologies, user equipment (user equipment, UE) can provide an increasingly more powerful application function, and increasingly more data such as personal property or privacy is stored in the user equipment.
- The user equipment continuously develops, and system functions of the user equipment also increase continuously. With an increase in the system functions, security vulnerability inevitably occurs in a system of the user equipment. An attacker may intrude the system of the user equipment by using the security vulnerability, to obtain data stored in the user equipment, and security of a user input operation and terminal displaying cannot be ensured. For example, a user implements payment by using user equipment. When the user is entering data at an interface provided by the user equipment, an attacker may intercept an input event of the user and content displayed on the user equipment to obtain the data entered by the user. The attacker may then analyze stored historical data corresponding to an application used for the payment to obtain an account of the user. When the attacker further obtains a password entered by the user into the user equipment, a severe risk is posed to wealth of the user. In view of this, the industry puts forward a TrustZone (Trust Zone) technology. In this technology, it is proposed that hardware composition of the user equipment is divided into a Secure World (secure world) and a Normal World (normal world), and data in the Secure World can be transmitted only by using a monitor (monitor). An operating system of the user equipment runs in the Normal World. A program that runs in the Secure World has a higher security level than a program that runs in the Normal World. The Secure World is isolated from the Normal World by using hardware. The Secure World has a right to access all data in the Normal World, but the Normal World has no right to access data in the Secure World. When the user equipment is started, the Secure World is first entered, and then a program in the Secure World is responsible for switching to the Normal World, and starting the operating system of the user equipment. Concepts of the Secure World and the Normal World are put forward in the TrustZone technology, to resolve a problem of data input security in the user equipment. A data input environment that runs in the Secure World is provided, and the user may operate an event such as entering an account or a password in the provided data input environment. However, in general, when related content is displayed or entered in the data input environment that runs in the Secure World, the displayed content usually covers the entire display area of the user equipment. When the user needs to operate another event, for example, when a pop-up window of a short message service message appears when the user is entering a user name and a password, and the user needs to view the short message service message, the system needs to quit the data input environment according to an instruction of the user for viewing the short message service message, and this leads to a loss of the previously operated event. Therefore, in the TrustZone technology, neither security of an event generated when the user operates a program that runs in the Normal World of the user equipment can be completely resolved, nor an event that runs in the Normal World can be directly operated.
- The present invention provides a data input method and apparatus, and user equipment, so that security of an event generated when a user operates a program that runs in a Normal World of the user equipment can be better improved, and an event that runs in the Normal World can be directly operated.
- According to a first aspect, a data input method is provided and includes: when it is determined that an operation of a user on UE is not performed in a preset display area, delivering an event corresponding to the operation to a first operating environment for processing, where the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment. This can better improve security of an event generated when the user operates a program that runs in a Normal World of the user equipment, and directly operate an event that runs in the Normal World.
- With reference to the first aspect, in a first possible implementation of the first aspect, the method further includes: receiving an operation of the user in an input area presented by a display unit for the user, and generating an event corresponding to the operation; determining whether the event generated when the user performs the operation in the input area is a secure input event; and if it is determined that the event generated when the user performs the operation in the input area is a secure input event, starting the preset display area, and presenting the preset display area to the user by using the display unit.
- With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the starting the preset display area includes: backing up a current event in the first operating environment; triggering an interrupt in the second operating environment; and starting the preset display area by using the interrupt in the second operating environment.
- Determining is performed on a corresponding event generated when the user performs an operation in an input area that runs in the first operating environment, and whether the event is a secure input event is determined. When it is determined that the event is a secure input event, switching from the first operating environment to the second operating environment is performed, that is, the preset display area is presented to the user, so that a secure input time generated when the user performs an operation on the user equipment may be switched to the second operating environment for processing. In this case, security of the event generated when the user performs the operation on the user equipment can be better ensured.
- With reference to any one of the first aspect, or the first to the second possible implementations of the first aspect, in a third possible implementation of the first aspect, the preset display area and the input area are simultaneously presented on a screen of the user equipment.
- With reference to the first aspect, in a fourth possible implementation of the first aspect, the delivering an event corresponding to the operation to a first operating environment for processing includes: storing the event corresponding to the operation in a shared storage area, where the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and triggering an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing.
- With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, the triggering an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing includes: triggering the interrupt in the first operating environment, and invoking a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing.
- With reference to any one of the first aspect, or the first to the fifth possible implementation of the first aspect, in a sixth possible implementation of the first aspect, before it is determined that the operation of the user on the user equipment UE is not performed in the preset display area, the method further includes: when it is determined that the event corresponding to the operation is a secure input event, displaying the preset display area, so that the user performs the operation in the preset display area, where the secure input event is a data input event with an authority verification attribute.
- With reference to any one of the first aspect, or the first to the sixth possible implementation of the first aspect, in a seventh possible implementation of the first aspect, after the delivering an event corresponding to the operation to a first operating environment for processing, the method further includes: hiding the preset display area. This can improve flexibility of a user operation.
- With reference to any one of the first aspect, or the first to the sixth possible implementation of the first aspect, in an eighth possible implementation of the first aspect, the preset display area includes a formatted input edit box.
- With reference to the eighth possible implementation of the first aspect, in a ninth possible implementation of the first aspect, the formatted input edit box includes at least one of the following: a specified input type may be an input type such as nine-key numeric type, a nine-key Chinese character type, a nine-key alphabetic type, a number and Chinese character hybrid type. This can improve convenience of a user operation.
- According to a second aspect, a data input apparatus is provided. The data input apparatus has a function of implementing an action of a terminal in any method design according to the first aspect and the first to the eighth possible implementations of the first aspect. The function may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the function.
- According to a third aspect, a user terminal is provided. The user terminal has a function of implementing an action of a terminal in any method design according to the first aspect and the first to the eighth possible implementations of the first aspect. The function may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the function.
- With reference to the third aspect, in a first possible implementation of the third aspect, a structure of the terminal includes a memory and a processor. The memory is configured to store a group of programs, and the processor is configured to invoke the programs stored in the memory, to execute the method in any one of the first aspect, or the first to the eighth possible implementations of the first aspect.
- According to a fourth aspect, a computer storage medium is provided, and is configured to store a computer software instruction used by a data input apparatus, and the computer software instruction includes a program designed to execute the foregoing aspects.
- By using the foregoing technical solutions, when it is determined that the operation of the user on the UE is not performed in the preset display area, the event corresponding to the operation is delivered to the first operating environment for processing. In this case, when the user operates a program that runs in a Normal World of the user equipment, even if the user needs to process another non-secure event, security of an event generated when the user operates the program that runs in the Normal World of the user equipment can be ensured, and an event that runs in the Normal World can be directly operated.
-
FIG. 1A andFIG. 1B are a schematic diagram of a logical structure of a computing node to which a data input method is applied according to an embodiment of the present invention; -
FIG. 2 is a schematic diagram of structural composition of user equipment according to an embodiment of the present invention; -
FIG. 3 is a schematic diagram of structural composition of user equipment according to an embodiment of the present invention; -
FIG. 4 is a schematic structural diagram of hardware composition of a Secure World of a data input system according to an embodiment of the present invention; -
FIG. 5 is a flowchart of a data input method according to an embodiment of the present invention; -
FIG. 6 is a schematic diagram of an input edit box according to an embodiment of the present invention; -
FIG. 7 is a schematic diagram of a preset display area and an input area according to an embodiment of the present invention; -
FIG. 8 is a schematic diagram of a specified input type according to an embodiment of the present invention; -
FIG. 9 is a flowchart of a data input method according to an embodiment of the present invention; and -
FIG. 10 is a schematic diagram of structural composition of a data input apparatus according to an embodiment of the present invention. - To resolve a problem that in a TrustZone technology, neither security of an event generated when a user operates a program that runs in a Normal World of user equipment can be completely resolved, nor an event that runs in the Normal World can be directly operated, in technical solutions provided in the present invention, when it is determined that an operation of a user on UE is not performed in a preset display area, an event corresponding to the operation is delivered to a first operating environment for processing. The preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment. Therefore, security of the event generated when the user operates the program that runs in the Normal World of the user equipment can be better improved, and the event that runs in the Normal World can be directly operated.
- The following expounds main implementation principles, specific implementations, and corresponding available beneficial effects of the technical solutions in the embodiments of the present invention with reference to various accompanying drawings.
- In a technical solution put forward in an embodiment of the present invention,
FIG. 1A andFIG. 1B are used as an example to describe a logical structure of a computing node to which a data input method provided in this embodiment of the present invention is applied. The computing node may be user equipment, and the user equipment may be specifically a desktop computer, a notebook computer, a smartphone, a tablet, or the like. As shown inFIG. 1 , a hardware layer of the user equipment includes a central processing unit (Center Processing Unit, CPU), a graphics processing unit (Graphic Processing Unit, GPU), and the like. Certainly, the hardware layer of the user equipment may further include a memory, an input/output device (Input Device), a network interface, and the like. The input device may include a keyboard, a mouse, a touchscreen, and the like. The output device may include a display device such as a liquid crystal display (Liquid Crystal Display, LCD), a cathode-ray tube (Cathode Ray Tube, CRT), holographic imaging (Holographic), or a projector (Projector). An operating system (such as Android) and some application programs may run above the hardware layer. A kernel library layer is a core part of the operating system, and includes an input/output service, a kernel service, a graphics device interface, a graphics engine (Graphics Engine) that implements graphics processing of the CPU and the GPU, and the like. The graphics engine may include a 2D engine, a 3D engine, a combining unit (Composition), a frame buffer (Frame Buffer), and the like. The kernel library layer further includes an input method service. The input method service includes an input method service embedded in a terminal. The input method service further includes the data input method provided in this embodiment of the present invention. In addition, the terminal further includes a driver layer, a framework layer, and an application layer. The driver layer may include a CPU driver (driver), a GPU driver, a display controller driver, a TrustZone driver (Trust Zone Driver), and the like. The framework layer may include a graphic service (Graphic Service), a system service (System service), a web service (Web Service), a user service (Customer Service), and the like. The graphic service may include a widget (Widget), a canvas (Canvas), a view (Views), a render script, and the like. The application layer may include a desktop (launcher), a media player (Media Player), a browser (Browser), and the like. - In a TrustZone technology, when hardware and program instructions of user equipment run, there may be two operating environments: a secure operating environment and a non-secure operating environment. The non-secure operating environment may also be referred to as a Normal World, and is corresponding to a first operating environment put forward in this embodiment of the present invention. The secure operating environment may also be referred to as a Secure World, and is corresponding to a second operating environment put forward in this embodiment of the present invention. A program and hardware of the user equipment that run in the secure operating environment have a higher security level than a program and hardware of the user equipment that run in the non-secure operating environment. The Secure World may also be a virtual operating environment isolated from the operating system of the user equipment.
- User equipment to which a data input method put forward in an embodiment of the present invention is applied is shown in
FIG. 2 . Theuser equipment 200 includes: at least oneprocessor 201, at least onenetwork interface 204 or anotheruser interface 203, amemory 205, and at least onecommunications bus 202. Thecommunications bus 202 is configured to implement connection and communication between these components. Optionally, theuser equipment 200 includes theuser interface 203 that includes a display (for example, the LCD, the CRT, the holographic imaging (Holographic), or the projector (Projector) shown inFIG. 1A andFIG. 1B ), a keyboard or a click device (for example, a mouse, a trackball (trackball), a touchpad, or a touchscreen), and the like. - The
memory 205 may include a read-only memory and a random access memory, and provide theprocessor 201 with a program instruction and data that are stored in thememory 205. A part of thememory 205 may further include a nonvolatile random access memory (NVRAM). - In some implementations, the
memory 205 stores the following elements: an executable module or a data structure, or a subset thereof, or an extended set thereof. - An
operating system 2051 includes various system program instructions. The program instructions may run on the framework layer, the kernel library layer, the driver layer, and the like shown inFIG. 1A andFIG. 1B , and are used to implement various basic services and process hardware-based tasks. - In the technical solution put forward in this embodiment of the present invention, the operating system may run in both a first operating environment and a second operating environment whose security level is higher than the first operating environment.
- An
application program 2052 includes various application programs, for example, the desktop (launcher), the media player (Media Player), the browser (Browser), and an input method application that are shown inFIG. 1A andFIG. 1B , and the various application programs are used to implement various application services. - The various application programs in the
application program 2052 may be applied to the first operating environment, or may run in the second operating environment. In the technical solution put forward in this embodiment of the present invention, theapplication program 2052 stores a program instruction that implements the data input method, and the program instruction runs in the second operating environment. - In this embodiment of the present invention, the
memory 205 may also be referred to as a storage area, and is configured to store a program of the data input method, and store the operating system. - The
processor 201 invokes the program instruction stored in thememory 205, and according to the obtained program instruction, theprocessor 201 is configured to: when it is determined that an operation of a user on the UE is not performed in a preset display area, deliver an event corresponding to the operation to the first operating environment for processing. - Optionally, in an embodiment, the
processor 201 is further configured to: when it is determined that the event corresponding to the operation is a secure input event, display the preset display area, so that the user performs the operation in the preset display area. The secure input event is a data input event with an authority verification attribute. - Further, the
processor 201 is specifically configured to store the event corresponding to the operation in a shared storage area. The shared storage area is a storage area that is shared by the first operating environment and the second operating environment. - The user equipment further includes an interrupt in the first operating environment (which is not shown in
FIG. 2 ). Theprocessor 201 triggers the interrupt in the first operating environment, and the interrupt in the first operating environment delivers the event stored in the shared storage area to the first operating environment for processing. Further, theprocessor 201 is specifically configured to: trigger the interrupt in the first operating environment, and invoke a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing. - Further, the
processor 201 is specifically configured to hide the preset display area. - User equipment to which a data input method put forward in an embodiment of the present invention is applied may be a mobile phone, a tablet, a personal digital assistant (Personal Digital Assistant, PDA), or the like. Referring to
FIG. 3 ,FIG. 3 is a schematic diagram of structural composition ofuser equipment 300. - The
user equipment 300 mainly includes amemory 320, aprocessor 360, and aninput unit 330. Theinput unit 330 is configured to receive an event generated when a user performs an operation on a terminal. Thememory 320 is configured to store program instructions of an operating system and various application programs. - In a technical solution put forward in this embodiment of the present invention, a first operating environment and a second operating environment are put forward. Correspondingly, the
memory 320 may be divided into a secure memory (which may also be referred to as a secure storage area), a non-secure memory (which may also be referred to as a non-secure storage area), and a shared memory (which may also be referred to as a shared storage area). The non-secure memory is disposed in the first operating environment, and the secure memory is disposed in the second operating environment. The second operating environment has a higher security level than the first operating environment. A processor or an interrupt disposed in the first operating environment cannot directly access the secure memory in the second operating environment. A processor or an interrupt in the second operating environment may access the non-secure processor disposed in the first operating environment, and access the non-secure storage area. For the shared memory, data stored in the shared memory is data that may be accessed by processors or interrupts in both the first operating environment and the second operating environment. That is, the processors or the interrupts in the first operating environment and the second operating environment may access the shared memory to obtain the data in the shared memory. - It may be understood that for a specific implementation function of the
processor 360, reference may be made to the detailed descriptions of theprocessor 201, and details are not described herein again. - The
memory 320 may be a memory of theuser equipment 300. The memory may be divided into three storage spaces. The three storage spaces are separately corresponding to a secure memory disposed in the first operating environment, a non-secure memory disposed in the second environment, and a shared memory that may be accessed by application programs or hardware in both the first operating environment and the second operating environment. The secure memory, the non-secure memory, and the shared memory may have spaces of a same size, or may have spaces of different sizes according to different stored data input events. - The
input unit 330 of the user equipment may be configured to receive number or character information that is entered by the user, so as to generate a signal input related to user settings or function control of theuser equipment 300. Specifically, in this embodiment of the present invention, theinput unit 330 may include atouch panel 331. Thetouch panel 331 may collect an operation (such as an operation performed by the user on thetouch panel 331 by using any proper object or accessory, such as a finger or a stylus) performed by the user on thetouch panel 331, and drive, according to a preset program instruction, a corresponding apparatus connected to thetouch panel 331. Optionally, thetouch panel 331 may include two parts: a touch detection apparatus and a touch controller. The touch detection apparatus detects a touch location of the user, detects a signal brought by the touch operation, and sends the signal to the touch controller. The touch controller receives touch information received from the touch detection apparatus, converts the touch information into touch coordinates, and sends the touch coordinates to theprocessor 360. The touch controller can further receive and execute a command sent by theprocessor 360. In addition, thetouch panel 331 may be implemented by using multiple types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to thetouch panel 331, theinput unit 330 may further include another input device 332. The another input device 332 may include but is not limited to one or more of a physical keyboard, a functional key (such as a volume control key or an on/off key), a trackball, a mouse, a joystick, or the like. - The
user equipment 300 may further include adisplay unit 340. Thedisplay unit 340 may be configured to display information entered by the user or information provided for the user and various menu interfaces of theuser equipment 300. Thedisplay unit 340 may include adisplay panel 341. Optionally, thedisplay panel 341 may be configured in a form such as a liquid crystal display (Liquid Crystal Display, LCD) or an organic light-emitting diode (Organic Light-Emitting Diode, OLED). - Referring to
FIG. 3 , in this embodiment of the present invention, thetouch panel 331 covers thedisplay panel 341, to form a touch display screen. The touch display screen provides a preset display area for the user. After detecting a touch operation on or near the touch display screen, thetouch display screen 7 transmits the touch operation to theprocessor 360 to determine a type of a touch event. Then theprocessor 360 provides a corresponding visual output on the touch display screen according to the type of the touch event. - In this embodiment of the present invention, the touch display screen includes different display areas. Each display area may include at least one interface element such as an icon of an application program and/or a widget home screen widget.
- The
processor 360 is a control center of theuser equipment 300, is connected to each part of an entire mobile phone by using various interfaces and lines, and performs various functions of theuser equipment 300 and data processing by running or executing the software program and/or the module that are/is stored in thememory 320, so as to perform overall monitoring on theuser equipment 300. - It may be understood that during initiation, the
processor 360 first enters the second operating environment, and performs initialization setting of the operating system in the second operating environment, so as to ensure security of the operating system. - The initialization setting includes initialization of a monitor mode. In a system initiation process, all memories (the secure memory, the non-secure memory, and the shared memory) in the operating system of the user equipment are in the second operating environment. Then an operating system image that needs to run in the first operating environment is loaded into the non-secure memory, and then the system image in the first operating environment runs.
- Optionally, the
user equipment 300 may further include anRF circuit 310, aWiFi module 380 that is configured to provide a wireless connection, apower supply 390, and anaudio frequency circuit 370 that is configured to provide sound input and output. - Based on the
user equipment 300 with the touch display screen shown inFIG. 3 , in a solution put forward in this embodiment of the present invention, operating environments of a data input method are divided into a Normal World (a first operating environment) and a Secure World (a second operating environment). For hardware composition, one user equipment has only one set of hardware structures. However, in the hardware, security attributes of some hardware can be dynamically set, but security attributes of the other hardware are fixed. Security of the entire system is obtained by dividing a hardware resource and a software resource of a system on chip (System on Chip, SoC) into the two worlds. The Secure World and the Normal World are a Secure World corresponding to a secure subsystem and a Normal World corresponding to another subsystem. - As shown in
FIG. 4 , the SoC system includes a processor (Core) 401. In a processor architecture, each physical processor core provides two virtual cores: a non-secure (Non-secure, NS) core and a secure (Secure) core. A mechanism of switching between the non-secure core and the secure core is referred to as a monitor (monitor) mode. The non-secure core can access only a system resource of the NS, but the secure core can access all resources in the user equipment. The SoC further includes direct memory access (Direct Memory Access, DMA) 402, a secure random access memory (Secure Random Access Memory, Secure RAM) 403, a secure boot read only memory (Secure Boot Read Only Memory, Secure Boot ROM) 404, a generic interrupt controller (Generic Interrupt Controller, GIC) 405 that is integrated with TrustZone support and that can work in the first operating environment and the second operating environment, a TrustZone interrupt controller (Trust Zone Interrupt Controller, TZIC) 406 that may be independently implemented, and the like. The SoC further includes a TrustZone address space controller (Trust Zone Address Space Controller, TZASC) 407 that is configured to support a secure interrupt, a TrustZone protection controller (Trust Zone Protection Controller, TZPC) 408, a dynamic memory controller (Dynamic Memory Controller, DMC) 409, a dynamic RAM (Dynamic RAM) 410, and the like. The TZPC is configured to set a security attribute of a peripheral. For example, the TZPC may set an attribute of the display unit to secure. In this case, an operation in the first operating environment cannot access a device that is set as secure. The TZASC is configured to control classification of a security attribute of the DRAM. The TZASC may set a part of the DRAM as secure, and set the other part of the DRAM as non-secure. If the processor in the first operating environment initiates an access request to the secure memory, the access request is refused. Access of DMA in the first operating environment to the secure memory is refused, and this ensures that the secure memory is not accessed by any operating system or hardware in the first operating environment. The GIC is responsible for controlling all interrupt information, and the GIC may set some interrupts as secure, and set some interrupts as normal. - SoC components are connected to each other by using an Advanced Extensible Interface (Advanced eXtensible Interactive, AXI) 411. The SoC communicates with the peripheral by using an Advanced Extensible Interface to Advanced Peripheral Bus Bridge (Advanced eXtensible Interactive to Advanced Peripheral Bus Bridge, AXI2APB)
bridge 412. The AXI2APB may sense a security attribute of an event that currently accesses the peripheral. When an event in the first operating environment accesses a peripheral whose attribute is set to secure, the AXI2APB refuses this access. A secure RAM and a secure ROM are isolated by using a software and hardware mechanism, and the secure RAM and the secure ROM are configured to store an operating system that runs in the second operating environment. - In the data input method put forward in this embodiment of the present invention, the SoC system is initiated after powered on. During starting, the system first enters the second operating environment, and then performs initiation setting in the second operating environment. The initiation setting includes initiation of the operating system in the second operating environment. In a process of initiating the system, all memories in the operating system of the user equipment are in the second operating environment. Then the operating system image that needs to run in the first operating environment is loaded to a memory, and some memories are allocated to the first operating environment. Security attributes of the some memories allocated to the first operating environment are set to non-secure. Then the system image in the first operating environment runs.
- The following describes in detail a processing procedure of a data input method put forward in an embodiment of the present invention. As shown in
FIG. 5 , a specific implementation process of delivering an event from a first operating environment to a second operating environment for processing is first described. - Step 1: A display unit presents an input area to a user, and the user performs an operation in the input area to generate an event corresponding to the operation.
- Detailed description is provided by using an example in which the user enters a payment password of a numeric type in the input area presented by the display unit. The display unit may include a touch panel of a touch nature. The user touches the touch panel, enters a payment account in the input area, and continues to enter a payment password after entering the payment account. A processor receives an event generated when the user operates the touch panel. Specifically, a non-secure core in the first operating environment may receive the event generated when the user operates the touch panel.
- Step 2: The processor determines whether the event generated when the user operates performs the operation in the input area is a secure input event. If it is determined that the event is not a secure input event, the user continues to perform the operation in the input area to generate an event corresponding to the operation, and the processor continues to process the event.
- The secure input event is an event generated only when the user enters a password with an authority verification attribute. For example, in a payment application, after the user enters a user name, the user needs to continue to enter a payment password corresponding to the user name, and after the payment password and the user name are matched, payment is completed. An event corresponding to an operation that the user continues to enter the payment password corresponding to the user name is a secure input event.
- A security attribute of the input area presented by the display unit may be edited in advance. The input area is set to a non-secure display area that runs in the first operating environment and a secure display area that runs in the second operating environment. For example, in a specific implementation process, as shown in
FIG. 6 , an input area in the first operating environment may be an input edit box with a fixed shape and size. The input edit box may be in any shape. As shown inFIG. 6 , a square shape is only used as an example. During setting, a security attribute may be added to the input edit box, and the security attribute is set. For example, the secure attribute is set to a numeric attribute. That is, when a received event operated by the user in the input edit box is triggering numeric input, it is determined that the event is a secure input event. - Detailed description is provided below by still using the example in which the user enters the payment password of the numeric type. When the user is about to enter the payment password of the numeric type, for example, the payment password of the user is 12345678, when the user triggers a number, it is determined that a data input event operated by the user is a secure input event.
- Step 3: The processor triggers a TZ driver when it is determined that a data input event operated by the user is a secure input event. The TZ driver triggers a monitor (monitor) mode used for switching between the first operating environment and the second operating environment, and the processor enters the second operating environment by using a monitor.
- Step 4: The processor backs up a current event in the first operating environment in the monitor mode. The processor triggers an interrupt in the first operating environment, and stores the currently determined secure input event in a shared storage area. After saving of the secure input event is completed, an interrupt in the second operating environment is triggered in the monitor mode, and a processor in the second operating environment, that is, a secure core, is triggered by using the interrupt in the second operating environment.
- Step 5: The secure core (that is, the processor in the second operating environment) triggers the interrupt, starts a preset display area, and presents the preset display area to the user by using the display unit. A following operation of the user is performed in the preset display area.
- The preset display area runs in the second operating environment. The preset display area may be a part of a screen of the user equipment, and the user may perform an input operation in the preset display area. Correspondingly, the preset display area may be an input edit box that has a fixed shape and size and has a security attribute. As shown in
FIG. 7 , the preset display area is started. The preset display area and the input area may be simultaneously presented on the screen of the user equipment. The preset display area may cover a part of the input area and overlap the part of the input area. The preset display area may include a specified input type. As shown inFIG. 8 , the specified input type may be an input type such as a nine-key numeric type, a nine-key Chinese character type (which is not shown inFIG. 8 ), a nine-key alphabetic type, a number and Chinese character hybrid type (which is not shown inFIG. 8 ). - For example, the preset display area is started, and it is assumed that the specified input type is a display area of the nine-key numeric type. In the display unit, the display area of the nine-key numeric type is presented to the user, and the user enters the payment password in the preset display area of the nine-key numeric type.
- Step 6: The processor delivers the event to the second operating environment for processing.
- By using the foregoing technical solution, determining is performed on a corresponding event generated when the user performs an operation in the input area that runs in the first operating environment, whether the event is a secure input event is determined, and when it is determined that the event is a secure input event, switching from the first operating environment to the second operating environment is performed, that is, the preset display area is presented to the user, so that a secure input time generated when the user performs an operation on the user equipment may be switched to the second operating environment for processing. In this case, security of an event generated when the user performs the operation on the user equipment can be better ensured.
- As shown in
FIG. 5 , a specific implementation process of delivering an event from a second operating environment to a first operating environment for processing is then described. - Step 7: A user performs an operation in a preset display area of user equipment.
- Step 8: A processor in the second operating environment obtains an event corresponding to the operation.
- For a detailed description of the preset display area, refer to the detailed description in
step 5. Details are not described herein again. - Likewise, description is provided by using an example in which the user enters a payment password of a numeric type. In
step 8, the user enters the payment password in the preset display area. - Step 9: The processor determines whether the operation of the user on the UE is performed in the preset display area, and if it is determined that the operation of the user on the UE is performed in the preset display area, perform
step 10, or if it is determined that the operation of the user on the UE is not performed in the preset display area, perform step 12. - Specifically, the user may perform an operation in a preset display area of a display unit, or may perform an operation outside the preset display area. A corresponding event generated by the operation of the user is transmitted to a secure core. The secure core determines whether the event is corresponding to an operation that falls in the preset display area. For example, the user enters the payment password in the preset display area, and the secure core determines whether a touch point of the user is in the preset display area. When the user triggers, for example, entering an account type (that is, performs an operation in the input area) during the foregoing operation, it is determined that the operation of the user is not performed in the preset display area; or when the user does not trigger entering an account type, it is determined that the operation of the user is performed in the preset display area. For example, the user is about to enter a payment password 12345678 by using the preset display area. When the user enters 123, the user equipment receives short message service message presentation or calling line identification presentation. If the user taps the short message service message presentation, the operation of the user on the user equipment at this time falls in a short message service message presentation box. In this case, it is determined that the operation of the user on the UE is not performed in the preset display area.
- Step 10: Continue to receive an event generated when the user performs the operation on the user equipment in the preset display area.
- Step 11: When it is determined that the user ends the operation, the processor performs verification processing on the received event, delivers the event to the first operating environment, and feeds back a verification processing result to the user.
- For example, when the user ends entering the payment password, the received payment password is verified in the second operating environment, and a verification result is fed back to the user.
- Step 12: When it is determined that the operation of the user on the user equipment is not performed in the preset display area, the processor delivers the event corresponding to the operation to the first operating environment for processing.
- There may be two implementations of delivering the event corresponding to the operation to the first operating environment for processing.
- Manner 1: An interrupt may be triggered to deliver the event corresponding to the operation to the first operating environment for processing.
- In
Manner 1, the processor may trigger an interrupt in the second operating environment, and store, by using the interrupt in the second operating environment, the event corresponding to the operation of the user in the shared storage area. In this case, in the monitor mode, the processor triggers an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing. - For example, the processor triggers a fast interrupt request (Fast Interrupt Reques, FIQ), and stores the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers the interrupt in the first operating environment to obtain the event stored in the shared storage area. The interrupt in the first operating environment delivers the obtained event to the first operating environment for processing.
- Manner 2: The event corresponding to the operation is delivered, by using a daemon thread, to the first operating environment for processing.
- In
Manner 2, a daemon process is a process with a relatively long lifetime, and is usually independent of the user equipment and periodically executes a task or waits to process an event that is to occur. The daemon process is usually started when the system is bootloaded, and ended when the system is disabled. InManner 2, the processor may trigger an interrupt in the second operating environment, and store the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers an interrupt in the first operating environment, and triggers a daemon thread in the first operating environment by using the interrupt in the first operating environment. The daemon thread obtains the event stored in the shared storage area, and the daemon thread sends the obtained event to the first operating environment for processing. - In the foregoing two specific implementations of delivering the event corresponding to the operation to the first operating environment for processing, before the event is delivered, a current event needs to be stored in the shared storage area. In this case, the interrupt in the second operating environment may be triggered, and the event may be stored in the shared storage area by using the interrupt that runs in the second environment. Alternatively, a driver of the display unit may transmit the event to an upper-layer application, and the event may be stored in the shared storage area by using the upper-layer application.
- Optionally, after delivering the event corresponding to the operation to the first operating environment for processing, the method further includes: hiding the preset display area.
- For example, after entering 12345678, the user does not need to perform any other operation, and in this case, the processor hides the preset display area.
- Correspondingly, an embodiment of the present invention further puts forward a data input method. As shown in
FIG. 9 , a specific processing procedure is as follows: - Step 91: A user performs an operation in a preset display area of user equipment.
- Step 92: A processor in a second operating environment obtains an event corresponding to the operation.
- For a detailed description of the preset display area, refer to the detailed description in
step 5. Details are not described herein again. - Likewise, description is provided by using an example in which the user enters a payment password of a numeric type. The user enters the payment password in the preset display area.
- Step 93: The processor determines whether the operation of the user on the UE is performed in the preset display area, and if it is determined that the operation of the user on the UE is performed in the preset display area, perform
step 94, or if it is determined that the operation of the user on the UE is not performed in the preset display area, performstep 96. - Step 94: Continue to receive an event generated when the user performs the operation on the user equipment in the preset display area.
- Step 95: When it is determined that the user ends the operation, the processor performs verification processing on the received event, delivers the received event to a first operating environment, and feeds back a verification processing result to the user.
- For example, when the user ends entering the payment password, the received payment password is verified in the second operating environment, and a verification result is fed back to the user.
- Step 96: When it is determined that the operation of the user on the user equipment is not performed in the preset display area, the processor delivers the event corresponding to the operation to the first operating environment for processing.
- There may be two implementations of delivering the event corresponding to the operation to the first operating environment for processing.
- Manner 1: An interrupt may be triggered to deliver the event corresponding to the operation to the first operating environment for processing.
- In
Manner 1, the processor may trigger an interrupt in the second operating environment, and store, by using the interrupt in the second operating environment, the event corresponding to the operation of the user in the shared storage area. In this case, in the monitor mode, the processor triggers an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing. - For example, the processor triggers a fast interrupt request (Fast Interrupt Reques, FIQ), and stores the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers the interrupt in the first operating environment to obtain the event stored in the shared storage area. The interrupt in the first operating environment delivers the obtained event to the first operating environment for processing.
- Manner 2: The event corresponding to the operation is delivered, by using a daemon thread, to the first operating environment for processing.
- In
Manner 2, a daemon process is a process with a relatively long lifetime, and is usually independent of the user equipment and periodically executes a task or waits to process an event that is to occur. The daemon process is usually started when the system is bootloaded, and ended when the system is disabled. InManner 2, the processor may trigger an interrupt in the second operating environment, and store the event corresponding to the operation of the user in the shared storage area. Then in the monitor mode, the processor triggers an interrupt in the first operating environment, and triggers a daemon thread in the first operating environment by using the interrupt in the first operating environment. The daemon thread obtains the event stored in the shared storage area, and the daemon thread sends the obtained event to the first operating environment for processing. - In the foregoing two specific implementations of delivering the event corresponding to the operation to the first operating environment for processing, before the event is delivered, a current event needs to be stored in the shared storage area. In this case, the interrupt in the second operating environment may be triggered, and the event may be stored in the shared storage area by using the interrupt that runs in the second environment. Alternatively, a driver of the display unit may transmit the event to an upper-layer application, and the event may be stored in the shared storage area by using the upper-layer application.
- Optionally, after delivering the event corresponding to the operation to the first operating environment for processing, the method further includes: hiding the preset display area.
- For example, after entering 12345678, the user does not need to perform any other operation, and in this case, the processor hides the preset display area.
- Correspondingly, an embodiment of the present invention further puts forward a data input apparatus. As shown in
FIG. 10 , structural composition of the apparatus includes: - a
receiving unit 1001, configured to receive an event generated when a user performs an operation on UE in a preset display area; - a determining
unit 1002, configured to determine whether the operation of the user on the UE is performed in the preset display area; and - an
execution unit 1003, configured to: when it is determined that the operation of the user on the UE is not performed in the preset display area, deliver an event corresponding to the operation to a first operating environment for processing. - The preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment.
- Optionally, in the foregoing apparatus, the
execution unit 1003 is specifically configured to: store the event corresponding to the operation in a shared storage area, where the shared storage area is a storage area that is shared by the first operating environment and the second operating environment; and trigger an interrupt in the first operating environment, to deliver the event stored in the shared storage area to the first operating environment for processing. - Specifically, the
execution unit 1003 is specifically configured to: trigger the interrupt in the first operating environment, and invoke a daemon thread in the first secure environment, so as to deliver, by using the daemon thread, the event stored in the shared storage area to the first operating environment for processing. - Specifically, the
execution unit 1003 is further configured to: when it is determined that the event corresponding to the operation is a secure input event, display the preset display area, so that the user performs the operation in the preset display area. The secure input event is a data input event with an authority verification attribute. - Specifically, the
execution unit 1003 is further configured to hide the preset display area after delivering the event corresponding to the operation to the first operating environment for processing. - Specifically, the preset display area includes an input edit box with a security attribute.
- The present invention further provides a computer storage medium, configured to store a computer software instruction used by the data input apparatus according to the foregoing aspect. The computer software instruction includes a program designed to execute the foregoing aspect.
- A person skilled in the art should understand that the embodiments of the present invention may be provided as a method, an apparatus (device), or a computer program product. Therefore, the present invention may use a form of hardware only embodiments, software only embodiments, or embodiments with a combination of software and hardware. Moreover, the present invention may use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a CD-ROM, an optical memory, and the like) that include computer-usable program code.
- The present invention is described with reference to the flowcharts and/or block diagrams of the method, the apparatus (device), and the computer program product according to the embodiments of the present invention. It should be understood that computer program instructions may be used to implement each process and/or each block in the flowcharts and/or the block diagrams and a combination of a process and/or a block in the flowcharts and/or the block diagrams. These computer program instructions may be provided for a general-purpose computer, a dedicated computer, an embedded processor, or a processor of any other programmable data processing device to generate a machine, so that the instructions executed by a computer or a processor of any other programmable data processing device generate an apparatus for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
- These computer program instructions may also be stored in a computer readable memory that can instruct the computer or any other programmable data processing device to work in a specific manner, so that the instructions stored in the computer readable memory generate an artifact that includes an instruction apparatus. The instruction apparatus implements a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
- These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operations and steps are performed on the computer or the another programmable device, thereby generating computer-implemented processing. Therefore, the instructions executed on the computer or the another programmable device provide steps for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
- Although some preferred embodiments of the present invention have been described, a person skilled in the art can make changes and modifications to these embodiments once they learn the basic inventive concept. Therefore, the following claims are intended to be construed as to cover the preferred embodiments and all changes and modifications falling within the scope of the present invention.
- Obviously, a person skilled in the art can make various modifications and variations to the present invention without departing from the spirit and scope of the present invention. The present invention is intended to cover these modifications and variations provided that they fall within the scope of protection defined by the following claims and their equivalent technologies.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/085,539 US11574064B2 (en) | 2016-03-15 | 2020-10-30 | Data input method and apparatus and user equipment |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610145990.7A CN105825128B (en) | 2016-03-15 | 2016-03-15 | Data input method and device and user equipment |
CN201610145990.7 | 2016-03-15 | ||
PCT/CN2017/075643 WO2017157192A1 (en) | 2016-03-15 | 2017-03-03 | Data input method, device and user equipment |
US16/131,548 US10831905B2 (en) | 2016-03-15 | 2018-09-14 | Data input method and apparatus and user equipment |
US17/085,539 US11574064B2 (en) | 2016-03-15 | 2020-10-30 | Data input method and apparatus and user equipment |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/131,548 Continuation US10831905B2 (en) | 2016-03-15 | 2018-09-14 | Data input method and apparatus and user equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
US20210049286A1 true US20210049286A1 (en) | 2021-02-18 |
US11574064B2 US11574064B2 (en) | 2023-02-07 |
Family
ID=56987835
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/131,548 Active 2037-06-09 US10831905B2 (en) | 2016-03-15 | 2018-09-14 | Data input method and apparatus and user equipment |
US17/085,539 Active 2037-06-04 US11574064B2 (en) | 2016-03-15 | 2020-10-30 | Data input method and apparatus and user equipment |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/131,548 Active 2037-06-09 US10831905B2 (en) | 2016-03-15 | 2018-09-14 | Data input method and apparatus and user equipment |
Country Status (4)
Country | Link |
---|---|
US (2) | US10831905B2 (en) |
EP (1) | EP3418934A1 (en) |
CN (1) | CN105825128B (en) |
WO (1) | WO2017157192A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4273720A1 (en) * | 2022-05-05 | 2023-11-08 | STMicroelectronics (Rousset) SAS | System-on-chip incorporating a direct memory access circuit and corresponding method |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105825128B (en) | 2016-03-15 | 2020-05-19 | 华为技术有限公司 | Data input method and device and user equipment |
CN107168747B (en) * | 2017-05-27 | 2020-12-29 | 努比亚技术有限公司 | Method and device for distinguishing mobile terminal configuration and computer readable storage medium |
CN109426355B (en) * | 2017-08-31 | 2022-12-30 | 华为终端有限公司 | Input method and input device of electronic equipment and electronic equipment |
CN110059489B (en) * | 2018-01-19 | 2021-08-17 | 旭景科技股份有限公司 | Secure electronic device |
GB201806465D0 (en) | 2018-04-20 | 2018-06-06 | Nordic Semiconductor Asa | Memory-access controll |
GB201810659D0 (en) | 2018-06-28 | 2018-08-15 | Nordic Semiconductor Asa | Secure-Aware Bus System |
GB201810662D0 (en) | 2018-06-28 | 2018-08-15 | Nordic Semiconductor Asa | Peripheral Access On A Secure-Aware Bus System |
GB201810653D0 (en) * | 2018-06-28 | 2018-08-15 | Nordic Semiconductor Asa | Secure peripheral interconnect |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6199181B1 (en) * | 1997-09-09 | 2001-03-06 | Perfecto Technologies Ltd. | Method and system for maintaining restricted operating environments for application programs or operating systems |
US20010043198A1 (en) * | 2000-03-22 | 2001-11-22 | Ludtke Harold Aaron | Data entry user interface |
US20030225556A1 (en) * | 2000-12-28 | 2003-12-04 | Zeidman Robert Marc | Apparatus and method for connecting hardware to a circuit simulation |
WO2004046916A2 (en) * | 2002-11-18 | 2004-06-03 | Arm Limited | Exception types within a secure processing system |
US20140096222A1 (en) * | 2012-10-01 | 2014-04-03 | Nxp B.V. | Secure user authentication using a master secure element |
EP2741229A1 (en) * | 2012-12-07 | 2014-06-11 | Samsung Electronics Co., Ltd | Priority-based application execution method and apparatus of a dual-mode data processing device |
CN105447406A (en) * | 2015-11-10 | 2016-03-30 | 华为技术有限公司 | Method and apparatus for accessing storage space |
US9619161B2 (en) * | 2013-12-31 | 2017-04-11 | Sung Gon Cho | Storage system having security storage device and management system therefor |
US9734313B2 (en) * | 2014-06-16 | 2017-08-15 | Huawei Technologies Co., Ltd. | Security mode prompt method and apparatus |
Family Cites Families (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040226041A1 (en) * | 2000-02-18 | 2004-11-11 | Xsides Corporation | System and method for parallel data display of multiple executing environments |
US7062466B2 (en) * | 2000-12-06 | 2006-06-13 | The Belo Company | Method and system for operating online classified advertisements |
JP4439187B2 (en) * | 2003-02-10 | 2010-03-24 | シャープ株式会社 | Data processing device |
US20070266444A1 (en) * | 2004-12-03 | 2007-11-15 | Moshe Segal | Method and System for Securing Data Stored in a Storage Device |
US20080275992A1 (en) * | 2005-02-09 | 2008-11-06 | Access Systems Americas, Inc. | System and method of managing connections between a computing system and an available network using a connection manager |
US7954064B2 (en) * | 2005-10-27 | 2011-05-31 | Apple Inc. | Multiple dashboards |
CN100428164C (en) * | 2006-01-23 | 2008-10-22 | 联想(北京)有限公司 | Virtual machine system and device access method thereof |
US8261064B2 (en) * | 2007-02-27 | 2012-09-04 | L-3 Communications Corporation | Integrated secure and non-secure display for a handheld communications device |
US20130145475A1 (en) * | 2011-12-02 | 2013-06-06 | Samsung Electronics Co., Ltd. | Method and apparatus for securing touch input |
KR101930864B1 (en) | 2012-02-16 | 2019-03-11 | 삼성전자주식회사 | Method and apparatus for protecting digital content using device authentication |
US8812873B2 (en) * | 2012-09-26 | 2014-08-19 | Intel Corporation | Secure execution of a computer program using binary translators |
US20140101755A1 (en) * | 2012-10-10 | 2014-04-10 | Research In Motion Limited | Mobile wireless communications device providing security features based upon wearable near field communication (nfc) device and related methods |
WO2014141206A1 (en) * | 2013-03-15 | 2014-09-18 | Ologn Technologies Ag | Secure zone on a virtual machine for digital communications |
US20140281560A1 (en) * | 2013-03-15 | 2014-09-18 | Ologn Technologies Ag | Secure zone on a virtual machine for digital communications |
JP6067449B2 (en) * | 2013-03-26 | 2017-01-25 | 株式会社東芝 | Information processing apparatus and information processing program |
WO2015073830A1 (en) * | 2013-11-15 | 2015-05-21 | Ctpg Operating, Llc | System and method for printing a hidden and secure barcode |
KR20150077774A (en) * | 2013-12-30 | 2015-07-08 | 삼성전자주식회사 | Method and Apparatus for Switching Display |
JP2015215687A (en) * | 2014-05-08 | 2015-12-03 | パナソニックIpマネジメント株式会社 | Portable settlement terminal device |
CN104239783A (en) * | 2014-09-19 | 2014-12-24 | 东软集团股份有限公司 | System and method for safely inputting customizing messages |
CN104318182B (en) * | 2014-10-29 | 2017-09-12 | 中国科学院信息工程研究所 | A kind of intelligent terminal shielding system and method extended based on processor security |
US10754967B1 (en) * | 2014-12-15 | 2020-08-25 | Marvell Asia Pte, Ltd. | Secure interrupt handling between security zones |
US20160239649A1 (en) * | 2015-02-13 | 2016-08-18 | Qualcomm Incorporated | Continuous authentication |
CN105930040A (en) * | 2015-02-27 | 2016-09-07 | 三星电子株式会社 | Electronic device including electronic payment system and operating method thereof |
CN104820573A (en) * | 2015-05-27 | 2015-08-05 | 南京芯度电子科技有限公司 | Safety human-computer interactive interface system and implementation method thereof |
CN104933361A (en) * | 2015-06-05 | 2015-09-23 | 浪潮电子信息产业股份有限公司 | Device and method for protecting login password |
CN105224403B (en) * | 2015-09-17 | 2018-09-28 | 华为技术有限公司 | A kind of interruption processing method and device |
CN110059500A (en) * | 2015-11-30 | 2019-07-26 | 华为技术有限公司 | User interface switching method and terminal |
CN105825128B (en) * | 2016-03-15 | 2020-05-19 | 华为技术有限公司 | Data input method and device and user equipment |
US10740496B2 (en) * | 2017-02-13 | 2020-08-11 | Samsung Electronics Co., Ltd. | Method and apparatus for operating multi-processor system in electronic device |
-
2016
- 2016-03-15 CN CN201610145990.7A patent/CN105825128B/en active Active
-
2017
- 2017-03-03 EP EP17765734.3A patent/EP3418934A1/en active Pending
- 2017-03-03 WO PCT/CN2017/075643 patent/WO2017157192A1/en active Application Filing
-
2018
- 2018-09-14 US US16/131,548 patent/US10831905B2/en active Active
-
2020
- 2020-10-30 US US17/085,539 patent/US11574064B2/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6199181B1 (en) * | 1997-09-09 | 2001-03-06 | Perfecto Technologies Ltd. | Method and system for maintaining restricted operating environments for application programs or operating systems |
US20010043198A1 (en) * | 2000-03-22 | 2001-11-22 | Ludtke Harold Aaron | Data entry user interface |
US20030225556A1 (en) * | 2000-12-28 | 2003-12-04 | Zeidman Robert Marc | Apparatus and method for connecting hardware to a circuit simulation |
WO2004046916A2 (en) * | 2002-11-18 | 2004-06-03 | Arm Limited | Exception types within a secure processing system |
US20140096222A1 (en) * | 2012-10-01 | 2014-04-03 | Nxp B.V. | Secure user authentication using a master secure element |
EP2741229A1 (en) * | 2012-12-07 | 2014-06-11 | Samsung Electronics Co., Ltd | Priority-based application execution method and apparatus of a dual-mode data processing device |
US9619161B2 (en) * | 2013-12-31 | 2017-04-11 | Sung Gon Cho | Storage system having security storage device and management system therefor |
US9734313B2 (en) * | 2014-06-16 | 2017-08-15 | Huawei Technologies Co., Ltd. | Security mode prompt method and apparatus |
CN105447406A (en) * | 2015-11-10 | 2016-03-30 | 华为技术有限公司 | Method and apparatus for accessing storage space |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4273720A1 (en) * | 2022-05-05 | 2023-11-08 | STMicroelectronics (Rousset) SAS | System-on-chip incorporating a direct memory access circuit and corresponding method |
FR3135334A1 (en) * | 2022-05-05 | 2023-11-10 | Stmicroelectronics (Rousset) Sas | SYSTEM ON CHIP INTEGRATING A DIRECT MEMORY ACCESS CIRCUIT AND CORRESPONDING METHOD |
Also Published As
Publication number | Publication date |
---|---|
EP3418934A4 (en) | 2018-12-26 |
BR112018068582A2 (en) | 2019-02-12 |
US11574064B2 (en) | 2023-02-07 |
CN105825128B (en) | 2020-05-19 |
US10831905B2 (en) | 2020-11-10 |
EP3418934A1 (en) | 2018-12-26 |
CN105825128A (en) | 2016-08-03 |
WO2017157192A1 (en) | 2017-09-21 |
US20190018969A1 (en) | 2019-01-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11574064B2 (en) | Data input method and apparatus and user equipment | |
US11874903B2 (en) | User interface switching method and terminal | |
US10133396B2 (en) | Virtual input device using second touch-enabled display | |
US9654603B1 (en) | Client-side rendering for virtual mobile infrastructure | |
US8458619B2 (en) | Method, system and program product for screensaver breakthrough of prioritized messages | |
EP3255578B1 (en) | Interface display method of terminal and terminal | |
EP2752766B1 (en) | Touch event processing method and portable device implementing the same | |
US9300720B1 (en) | Systems and methods for providing user inputs to remote mobile operating systems | |
US9164646B2 (en) | Method and apparatus for accommodating display migration among a plurality of physical displays | |
US9444912B1 (en) | Virtual mobile infrastructure for mobile devices | |
US9454396B2 (en) | Thin client computing device having touch screen interactive capability support | |
US9001050B2 (en) | Touch screen emulation for a virtual machine | |
US20230195298A1 (en) | Permission setting method and apparatus and electronic device | |
US20120066640A1 (en) | Apparatus for providing multi-mode warping of graphical user interface objects | |
WO2021164460A1 (en) | Touch response method and apparatus, electronic device, and storage medium | |
US20200089512A1 (en) | Method and Apparatus for Invoking Input Method, Server, and Terminal | |
WO2023093661A1 (en) | Interface control method and apparatus, and electronic device and storage medium | |
WO2021115257A1 (en) | Application switching method and apparatus, storage medium and electronic device | |
BR112018068582B1 (en) | DATA ENTRY METHOD, APPARATUS, AND USER EQUIPMENT | |
JP7176067B1 (en) | Information processing device and control method | |
US20240220179A1 (en) | Control method, apparatus, and electronic device | |
KR102411920B1 (en) | Electronic device and control method thereof | |
JP5831948B2 (en) | Information terminal, information input image display method, and program | |
TW201439882A (en) | Touch event processing method and portable device implementing the same | |
Seeger et al. | The Linux-GGI Project |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: APPLICATION DISPATCHED FROM PREEXAM, NOT YET DOCKETED |
|
AS | Assignment |
Owner name: HUAWEI TECHNOLOGIES CO., LTD., CHINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZHANG, PENG;WANG, JI;LI, HUI;AND OTHERS;SIGNING DATES FROM 20180222 TO 20181024;REEL/FRAME:055493/0440 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |